On 11/13/2016 04:38 AM, Sec Tester wrote:
I guess the main benefit to having VPN on router is it takes that overhead off the 
PC's CPU & memory.

But the paper is right, a lot of network hardware is backdoored. Especially the 
Cisco stuff. And I'm suspicious of the Chinese stuff too.

We should endeavor to run open source routers. But I'm not aware of any open 
source modems? I'm actually surprised someone hasn't cracked the proprietary DSL 
code and leaked an open source modem.

I bet we would not like what we found in their proprietary code :/

Having a VPN-Proxy-VM offers the flexibility to choose what VMs directly connect 
to the internet, and which VMs are routed through the VPN, which is nice.

I've set my VPN-Proxy-VM using a minimal template, to further reduce the attack 
surface.

You can also run the whonix-gw over the VPN, or vice versa.

I imagine since Snowden said to the world he uses Qubes OS, the NSA have had 
their team looking for ways in. I think Qubes can be hardened much more than it 
currently is.


It's not just backdoors... IIRC the NSA and probably other groups greatly prefer to attack routers for some reason. I think the reason is they are generally neglected and insecure.

Quite frankly, there is all too much insecurity to go around... and I don't even think software is the worst culprit anymore. We're all using souped-up ancient architectures that expose us to things like 'DRAMA' and it seems there is little-to-no innovation with respect to more secure hardware architecture. Qubes tries to propose new architecture in software, but I worry even it may not be enough.

Router vs laptop: If we regard a well-maintained OpenWRT router as more secure than Qubes on a laptop, then we've given up on link encryption in our applications (HTTPS, ZRTP, etc.) by implication. Then the only way to have reliable link encryption is to have everyone we communicate with sitting at home connecting to a single VPN server... each from their router-bound VPN clients... tethered by an ethernet cable between router and PC. Egads.

Chris
